build cleanup: add iam to base depend

Drop *.ima.yml Try next Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Armin Kuster <akuster808@gmail.com> 2021-05-03 13:38:46 -0700
committer: Armin Kuster <akuster808@gmail.com> 2021-05-16 13:23:43 -0700
commit: acbf11eec8ebe30f50e458fd2c94288ec4fbeaf0 (patch)
tree: d402f2968252dcf90aa6c4febb3874405a108fe6
parent: baca6133f9c7f77a12dc137fe5b90723fbb4c15b (diff)
download: meta-security-acbf11eec8ebe30f50e458fd2c94288ec4fbeaf0.tar.gz
5 files changed, 120 insertions, 80 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 3211025..d08fcf2 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -12,21 +12,20 @@
    - for x in `ls $CI_PROJECT_DIR/build/tmp/log/error-report/ | grep error_report_`; do
    - send-error-report -y tmp/log/error-report/$x
    - done
-    - rm -fr $CI_PROJECT_DIR/build
 stages:
-  - build
+  - base 
  - parsec
  - multi
  - alt 
  - musl
  - test
+  - cleanup
-.build:
+.base:
  before_script:
    - *before-my-script
-  stage: build
+  stage: base 
  after_script:
    - *after-my-script
@@ -66,100 +65,171 @@ stages:
  after_script:
    - *after-my-script
+.cleanup:
+   stage: cleanup
 qemux86:
-  extends: .build
+  extends: .base
  script:
-  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
+  - kas shell kas/$CI_JOB_NAME.yml  -c "bitbake -k security-build-image integrity-image-minimal"
  - kas build --target security-build-image kas/$CI_JOB_NAME-comp.yml
  - kas build --target harden-image-minimal kas/$CI_JOB_NAME-harden.yml
-  - kas build --target integrity-image-minimal kas/$CI_JOB_NAME-ima.yml
+qemux86-musl:
+  extends: .musl
+  needs: ['qemux86-parsec']
+  script:
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
+qemux86-parsec:
+  extends: .parsec
+  needs: ['qemux86']
+  script:
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
+qemux86-test:
+  extends: .test
+  needs: ['qemux86']
+  allow_failure: true
+  script:
+  - kas build --target security-test-image kas/$CI_JOB_NAME.yml
+  - kas build -c testimage --target security-test-image kas/$CI_JOB_NAME.yml
+qemux86-rm:
+  extends: .cleanup
+  needs: ['qemux86']
+  script:
+    - rm -fr $CI_PROJECT_DIR/build
 qemux86-64:
-  extends: .build
+  extends: .base
  script:
-  - kas shell kas/$CI_JOB_NAME.yml  -c "bitbake -k security-build-image security-tpm-image security-tpm2-image"
+  - kas shell kas/$CI_JOB_NAME.yml  -c "bitbake -k security-build-image security-tpm-image security-tpm2-image integrity-image-minimal"
  - kas build --target dm-verity-image-initramfs kas/$CI_JOB_NAME-dm-verify.yml
-  - kas build --target integrity-image-minimal kas/$CI_JOB_NAME-ima.yml
-qemuarm:
+qemux86-64-parsec:
-  extends: .build
+  extends: .parsec
+  needs: ['qemux86-64']
  script:
  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
-qemuarm64:
+qemux86-64-multi:
-  extends: .build
+  extends: .multi
+  needs: ['qemux86-64']
  script:
-  - kas shell kas/$CI_JOB_NAME.yml  -c "bitbake -k security-build-image security-tpm2-image"
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
-  - kas build --target integrity-image-minimal kas/$CI_JOB_NAME-ima.yml
-qemuppc:
+qemux86-64-alt:
-  extends: .build
+  extends: .alt
+  needs: ['qemux86-64-multi']
  script:
  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
-qemumips64:
+qemux86-64-rm:
-  extends: .build
+  extends: .cleanup
+  needs: ['qemux86-64']
  script:
-  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
+    - rm -fr $CI_PROJECT_DIR/build
-qemuriscv64:
+qemuarm:
-  extends: .build
+  extends: .base
  script:
  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
-qemuarm64-alt:
+qemuarm-parsec:
-  extends: .alt
+  extends: .parsec
+  needs: ['qemuarm']
  script:
  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
+qemuarm-rm:
+  extends: .cleanup
+  needs: ['qemuarm']
+  script:
+    - rm -fr $CI_PROJECT_DIR/build
+qemuarm64:
+  extends: .base
+  script:
+  - kas shell kas/$CI_JOB_NAME.yml  -c "bitbake -k security-build-image security-tpm2-image integrity-image-minimal"
 qemuarm64-multi:
  extends: .multi
+  needs: ['qemuarm64']
  script:
  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
-qemumips64-alt:
+qemuarm64-alt:
  extends: .alt
+  needs: ['qemuarm64-multi']
  script:
  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
-qemumips64-multi:
+qemuarm64-musl:
-  extends: .multi
+  extends: .musl
+  needs: ['qemuarm64-alt']
  script:
  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
-qemux86-64-alt:
+qemuarm64-parsec:
-  extends: .alt
+  extends: .parsec
+  needs: ['qemuarm64']
  script:
  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
-qemux86-64-multi:
+qemuarm64-rm:
-  extends: .multi
+  extends: .cleanup
+  needs: ['qemuarm64']
+  script:
+    - rm -fr $CI_PROJECT_DIR/build
+qemuppc:
+  extends: .base
  script:
  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
-qemux86-musl:
+qemuppc-parsec:
-  extends: .musl
+  extends: .parsec
+  needs: ['qemuppc']
  script:
  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
-qemuarm64-musl:
+qemuppc-rm:
-  extends: .musl
+  extends: .cleanup
+  needs: ['qemuppc']
+  script:
+    - rm -fr $CI_PROJECT_DIR/build
+qemumips64:
+  extends: .base
  script:
  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
-qemux86-test:
+qemumips64-multi:
-  extends: .test
+  extends: .multi
-  allow_failure: true
+  needs: ['qemumips64']
  script:
-  - kas build --target security-test-image kas/$CI_JOB_NAME.yml
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
-  - kas build -c testimage --target security-test-image kas/$CI_JOB_NAME.yml
-parsec:
+qemumips64-alt:
-  extends: .parsec
+  extends: .alt
+  needs: ['qemumips64-multi']
  script:
-  - kas build --target security-build-image kas/qemuarm-$CI_JOB_NAME.yml
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
-  - kas build --target security-build-image kas/qemuarm64-$CI_JOB_NAME.yml
-  - kas build --target security-build-image kas/qemux86-$CI_JOB_NAME.yml
+qemumips64-rm:
-  - kas build --target security-build-image kas/qemux86-64-$CI_JOB_NAME.yml
+  extends: .cleanup
-  - kas build --target security-build-image kas/qemuppc-$CI_JOB_NAME.yml
+  needs: ['qemumips64']
+  script:
+    - rm -fr $CI_PROJECT_DIR/build
+qemuriscv64:
+  extends: .base
+  script:
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
+qemuriscv64-rm:
+  extends: .cleanup
+  needs: ['qemuriscv64']
+  script:
+    - rm -fr $CI_PROJECT_DIR/build
diff --git a/kas/kas-security-base.yml b/kas/kas-security-base.yml
index 487befe..c6cc4fc 100644
--- a/kas/kas-security-base.yml
+++ b/kas/kas-security-base.yml
@@ -51,7 +51,7 @@ local_conf_header:
    EXTRA_IMAGE_FEATURES ?= "debug-tweaks"
    PACKAGE_CLASSES = "package_ipk"
-    DISTRO_FEATURES_append = " pam apparmor smack"
+    DISTRO_FEATURES_append = " pam apparmor smack ima"
    MACHINE_FEATURES_append = " tpm tpm2"
  diskmon: |
diff --git a/kas/qemuarm64-ima.yml b/kas/qemuarm64-ima.yml
deleted file mode 100644
index b478472..0000000
--- a/kas/qemuarm64-ima.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-header:
-  version: 8
-  includes:
-    - kas-security-base.yml
-local_conf_header:
-  meta-security: |
-    DISTRO_FEATURES_append = " ima"
-machine: qemuarm64
diff --git a/kas/qemux86-64-ima.yml b/kas/qemux86-64-ima.yml
deleted file mode 100644
index e64931c..0000000
--- a/kas/qemux86-64-ima.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-header:
-  version: 8
-  includes:
-    - kas-security-base.yml
-local_conf_header:
-  meta-security: |
-    DISTRO_FEATURES_append = " ima"
-machine: qemux86-64
diff --git a/kas/qemux86-ima.yml b/kas/qemux86-ima.yml
deleted file mode 100644
index 6528ba6..0000000
--- a/kas/qemux86-ima.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-header:
-  version: 8
-  includes:
-    - kas-security-base.yml
-local_conf_header:
-  meta-security: |
-    DISTRO_FEATURES_append = " ima"
-machine: qemux86
author	Armin Kuster <akuster808@gmail.com>	2021-05-03 13:38:46 -0700
committer	Armin Kuster <akuster808@gmail.com>	2021-05-16 13:23:43 -0700
commit	acbf11eec8ebe30f50e458fd2c94288ec4fbeaf0 (patch)
tree	d402f2968252dcf90aa6c4febb3874405a108fe6
parent	baca6133f9c7f77a12dc137fe5b90723fbb4c15b (diff)
download	meta-security-acbf11eec8ebe30f50e458fd2c94288ec4fbeaf0.tar.gz

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3211025..d08fcf2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml
@@ -12,21 +12,20 @@
12	- for x in `ls $CI_PROJECT_DIR/build/tmp/log/error-report/ \| grep error_report_`; do	12	- for x in `ls $CI_PROJECT_DIR/build/tmp/log/error-report/ \| grep error_report_`; do
13	- send-error-report -y tmp/log/error-report/$x	13	- send-error-report -y tmp/log/error-report/$x
14	- done	14	- done
15	- rm -fr $CI_PROJECT_DIR/build
16
17		15
18	stages:	16	stages:
19	- build	17	- base
20	- parsec	18	- parsec
21	- multi	19	- multi
22	- alt	20	- alt
23	- musl	21	- musl
24	- test	22	- test
		23	- cleanup
25		24
26	.build:	25	.base:
27	before_script:	26	before_script:
28	- *before-my-script	27	- *before-my-script
29	stage: build	28	stage: base
30	after_script:	29	after_script:
31	- *after-my-script	30	- *after-my-script
32		31
@@ -66,100 +65,171 @@ stages:
66	after_script:	65	after_script:
67	- *after-my-script	66	- *after-my-script
68		67
		68	.cleanup:
		69	stage: cleanup
69		70
70	qemux86:	71	qemux86:
71	extends: .build	72	extends: .base
72	script:	73	script:
73	- kas build --target security-build-image kas/$CI_JOB_NAME.yml	74	- kas shell kas/$CI_JOB_NAME.yml -c "bitbake -k security-build-image integrity-image-minimal"
74	- kas build --target security-build-image kas/$CI_JOB_NAME-comp.yml	75	- kas build --target security-build-image kas/$CI_JOB_NAME-comp.yml
75	- kas build --target harden-image-minimal kas/$CI_JOB_NAME-harden.yml	76	- kas build --target harden-image-minimal kas/$CI_JOB_NAME-harden.yml
76	- kas build --target integrity-image-minimal kas/$CI_JOB_NAME-ima.yml	77
		78	qemux86-musl:
		79	extends: .musl
		80	needs: ['qemux86-parsec']
		81	script:
		82	- kas build --target security-build-image kas/$CI_JOB_NAME.yml
		83
		84	qemux86-parsec:
		85	extends: .parsec
		86	needs: ['qemux86']
		87	script:
		88	- kas build --target security-build-image kas/$CI_JOB_NAME.yml
		89
		90	qemux86-test:
		91	extends: .test
		92	needs: ['qemux86']
		93	allow_failure: true
		94	script:
		95	- kas build --target security-test-image kas/$CI_JOB_NAME.yml
		96	- kas build -c testimage --target security-test-image kas/$CI_JOB_NAME.yml
		97
		98	qemux86-rm:
		99	extends: .cleanup
		100	needs: ['qemux86']
		101	script:
		102	- rm -fr $CI_PROJECT_DIR/build
77		103
78	qemux86-64:	104	qemux86-64:
79	extends: .build	105	extends: .base
80	script:	106	script:
81	- kas shell kas/$CI_JOB_NAME.yml -c "bitbake -k security-build-image security-tpm-image security-tpm2-image"	107	- kas shell kas/$CI_JOB_NAME.yml -c "bitbake -k security-build-image security-tpm-image security-tpm2-image integrity-image-minimal"
82	- kas build --target dm-verity-image-initramfs kas/$CI_JOB_NAME-dm-verify.yml	108	- kas build --target dm-verity-image-initramfs kas/$CI_JOB_NAME-dm-verify.yml
83	- kas build --target integrity-image-minimal kas/$CI_JOB_NAME-ima.yml
84		109
85	qemuarm:	110	qemux86-64-parsec:
86	extends: .build	111	extends: .parsec
		112	needs: ['qemux86-64']
87	script:	113	script:
88	- kas build --target security-build-image kas/$CI_JOB_NAME.yml	114	- kas build --target security-build-image kas/$CI_JOB_NAME.yml
89		115
90	qemuarm64:	116	qemux86-64-multi:
91	extends: .build	117	extends: .multi
		118	needs: ['qemux86-64']
92	script:	119	script:
93	- kas shell kas/$CI_JOB_NAME.yml -c "bitbake -k security-build-image security-tpm2-image"	120	- kas build --target security-build-image kas/$CI_JOB_NAME.yml
94	- kas build --target integrity-image-minimal kas/$CI_JOB_NAME-ima.yml
95		121
96	qemuppc:	122	qemux86-64-alt:
97	extends: .build	123	extends: .alt
		124	needs: ['qemux86-64-multi']
98	script:	125	script:
99	- kas build --target security-build-image kas/$CI_JOB_NAME.yml	126	- kas build --target security-build-image kas/$CI_JOB_NAME.yml
100		127
101	qemumips64:	128	qemux86-64-rm:
102	extends: .build	129	extends: .cleanup
		130	needs: ['qemux86-64']
103	script:	131	script:
104	- kas build --target security-build-image kas/$CI_JOB_NAME.yml	132	- rm -fr $CI_PROJECT_DIR/build
105		133
106	qemuriscv64:	134	qemuarm:
107	extends: .build	135	extends: .base
108	script:	136	script:
109	- kas build --target security-build-image kas/$CI_JOB_NAME.yml	137	- kas build --target security-build-image kas/$CI_JOB_NAME.yml
110		138
111	qemuarm64-alt:	139	qemuarm-parsec:
112	extends: .alt	140	extends: .parsec
		141	needs: ['qemuarm']
113	script:	142	script:
114	- kas build --target security-build-image kas/$CI_JOB_NAME.yml	143	- kas build --target security-build-image kas/$CI_JOB_NAME.yml
115		144
		145	qemuarm-rm:
		146	extends: .cleanup
		147	needs: ['qemuarm']
		148	script:
		149	- rm -fr $CI_PROJECT_DIR/build
		150
		151	qemuarm64:
		152	extends: .base
		153	script:
		154	- kas shell kas/$CI_JOB_NAME.yml -c "bitbake -k security-build-image security-tpm2-image integrity-image-minimal"
		155
116	qemuarm64-multi:	156	qemuarm64-multi:
117	extends: .multi	157	extends: .multi
		158	needs: ['qemuarm64']
118	script:	159	script:
119	- kas build --target security-build-image kas/$CI_JOB_NAME.yml	160	- kas build --target security-build-image kas/$CI_JOB_NAME.yml
120		161
121	qemumips64-alt:	162	qemuarm64-alt:
122	extends: .alt	163	extends: .alt
		164	needs: ['qemuarm64-multi']
123	script:	165	script:
124	- kas build --target security-build-image kas/$CI_JOB_NAME.yml	166	- kas build --target security-build-image kas/$CI_JOB_NAME.yml
125		167
126	qemumips64-multi:	168	qemuarm64-musl:
127	extends: .multi	169	extends: .musl
		170	needs: ['qemuarm64-alt']
128	script:	171	script:
129	- kas build --target security-build-image kas/$CI_JOB_NAME.yml	172	- kas build --target security-build-image kas/$CI_JOB_NAME.yml
130		173
131	qemux86-64-alt:	174	qemuarm64-parsec:
132	extends: .alt	175	extends: .parsec
		176	needs: ['qemuarm64']
133	script:	177	script:
134	- kas build --target security-build-image kas/$CI_JOB_NAME.yml	178	- kas build --target security-build-image kas/$CI_JOB_NAME.yml
135		179
136	qemux86-64-multi:	180	qemuarm64-rm:
137	extends: .multi	181	extends: .cleanup
		182	needs: ['qemuarm64']
		183	script:
		184	- rm -fr $CI_PROJECT_DIR/build
		185
		186	qemuppc:
		187	extends: .base
138	script:	188	script:
139	- kas build --target security-build-image kas/$CI_JOB_NAME.yml	189	- kas build --target security-build-image kas/$CI_JOB_NAME.yml
140		190
141	qemux86-musl:	191	qemuppc-parsec:
142	extends: .musl	192	extends: .parsec
		193	needs: ['qemuppc']
143	script:	194	script:
144	- kas build --target security-build-image kas/$CI_JOB_NAME.yml	195	- kas build --target security-build-image kas/$CI_JOB_NAME.yml
145		196
146	qemuarm64-musl:	197	qemuppc-rm:
147	extends: .musl	198	extends: .cleanup
		199	needs: ['qemuppc']
		200	script:
		201	- rm -fr $CI_PROJECT_DIR/build
		202
		203	qemumips64:
		204	extends: .base
148	script:	205	script:
149	- kas build --target security-build-image kas/$CI_JOB_NAME.yml	206	- kas build --target security-build-image kas/$CI_JOB_NAME.yml
150		207
151	qemux86-test:	208	qemumips64-multi:
152	extends: .test	209	extends: .multi
153	allow_failure: true	210	needs: ['qemumips64']
154	script:	211	script:
155	- kas build --target security-test-image kas/$CI_JOB_NAME.yml	212	- kas build --target security-build-image kas/$CI_JOB_NAME.yml
156	- kas build -c testimage --target security-test-image kas/$CI_JOB_NAME.yml
157		213
158	parsec:	214	qemumips64-alt:
159	extends: .parsec	215	extends: .alt
		216	needs: ['qemumips64-multi']
160	script:	217	script:
161	- kas build --target security-build-image kas/qemuarm-$CI_JOB_NAME.yml	218	- kas build --target security-build-image kas/$CI_JOB_NAME.yml
162	- kas build --target security-build-image kas/qemuarm64-$CI_JOB_NAME.yml	219
163	- kas build --target security-build-image kas/qemux86-$CI_JOB_NAME.yml	220	qemumips64-rm:
164	- kas build --target security-build-image kas/qemux86-64-$CI_JOB_NAME.yml	221	extends: .cleanup
165	- kas build --target security-build-image kas/qemuppc-$CI_JOB_NAME.yml	222	needs: ['qemumips64']
		223	script:
		224	- rm -fr $CI_PROJECT_DIR/build
		225
		226	qemuriscv64:
		227	extends: .base
		228	script:
		229	- kas build --target security-build-image kas/$CI_JOB_NAME.yml
		230
		231	qemuriscv64-rm:
		232	extends: .cleanup
		233	needs: ['qemuriscv64']
		234	script:
		235	- rm -fr $CI_PROJECT_DIR/build


diff --git a/kas/kas-security-base.yml b/kas/kas-security-base.yml index 487befe..c6cc4fc 100644 --- a/kas/kas-security-base.yml +++ b/kas/kas-security-base.yml
@@ -51,7 +51,7 @@ local_conf_header:
51	EXTRA_IMAGE_FEATURES ?= "debug-tweaks"	51	EXTRA_IMAGE_FEATURES ?= "debug-tweaks"
52	PACKAGE_CLASSES = "package_ipk"	52	PACKAGE_CLASSES = "package_ipk"
53		53
54	DISTRO_FEATURES_append = " pam apparmor smack"	54	DISTRO_FEATURES_append = " pam apparmor smack ima"
55	MACHINE_FEATURES_append = " tpm tpm2"	55	MACHINE_FEATURES_append = " tpm tpm2"
56		56
57	diskmon: \|	57	diskmon: \|


diff --git a/kas/qemuarm64-ima.yml b/kas/qemuarm64-ima.yml deleted file mode 100644 index b478472..0000000 --- a/kas/qemuarm64-ima.yml +++ /dev/null
@@ -1,10 +0,0 @@
1	header:
2	version: 8
3	includes:
4	- kas-security-base.yml
5
6	local_conf_header:
7	meta-security: \|
8	DISTRO_FEATURES_append = " ima"
9
10	machine: qemuarm64


diff --git a/kas/qemux86-64-ima.yml b/kas/qemux86-64-ima.yml deleted file mode 100644 index e64931c..0000000 --- a/kas/qemux86-64-ima.yml +++ /dev/null
@@ -1,10 +0,0 @@
1	header:
2	version: 8
3	includes:
4	- kas-security-base.yml
5
6	local_conf_header:
7	meta-security: \|
8	DISTRO_FEATURES_append = " ima"
9
10	machine: qemux86-64


diff --git a/kas/qemux86-ima.yml b/kas/qemux86-ima.yml deleted file mode 100644 index 6528ba6..0000000 --- a/kas/qemux86-ima.yml +++ /dev/null
@@ -1,10 +0,0 @@
1	header:
2	version: 8
3	includes:
4	- kas-security-base.yml
5
6	local_conf_header:
7	meta-security: \|
8	DISTRO_FEATURES_append = " ima"
9
10	machine: qemux86